You may have heard about the recently discovered Internet-security flaw called Heartbleed, which may have exposed people's passwords and other confidential information to hackers. Below is a list of major sites that were affected by this flaw, which means that if you use them, you should probably change your password right away:

Facebook

Gmail and other Google sites (Google did release a statement saying that its users were safe and likely have nothing to worry about. It's up to you, but changing your passwords would be the safest choice.)

Tumblr

Yahoo Mail

Amazon Web Services (This is not Amazon.com, the shopping site.)

GoDaddy

Intuit (TurboTax)

Dropbox

LastPass

OKCupid

Soundcloud

Wunderlist

Somewhat surprisingly (or not, depending on what you think of them), the big banks and most financial-services companies do not seem to have been affected. Bank of America, Chase, Fidelity, E*trade, Wells Fargo and more did not suffer any risk of a security breach, as they do not utilize the particular software that was exposed.

Mashable has put together a comprehensive, easy-to-read list of what sites were and weren't affected, including statements from the companies explaining what they've done to patch the flaw or, in some cases, why they weren't affected in the first place. And if you're curious about a particular site not listed there, you can enter the address here and find out if that site is vulnerable or not.

Here are a couple of quick and (relatively) easy ways to protect yourself against identity theft and loss of other personal data (via Vox):

Use two-step verification, which requires someone to get both your password and your phone in order to access your data

Change all of your passwords regularly, as in more than once a year, and not only when a company prompts you to do so

Make a list of all your passwords and their corresponding sites. This can be a pain, but it's probably the most effective way to keep track of everything.

Last, the great Web comic XKCD has provided an important lesson about how to choose a password. Remember, using a password with a lot of gimmicks (like "Tr0ub4dor&3") isn't nearly as effective as a string of random words (like "correct horse battery staple"). Here's why:

(Comic: XKCD)

Though be careful not to actually use "correct horse battery staple"—that one's taken.